1 // SPDX-License-Identifier: ISC
2 /* Copyright (C) 2020 MediaTek Inc. */
3 
4 #include <linux/firmware.h>
5 #include <linux/fs.h>
6 #include "mt7921.h"
7 #include "mt7921_trace.h"
8 #include "mcu.h"
9 #include "mac.h"
10 
11 struct mt7921_patch_hdr {
12 	char build_date[16];
13 	char platform[4];
14 	__be32 hw_sw_ver;
15 	__be32 patch_ver;
16 	__be16 checksum;
17 	u16 reserved;
18 	struct {
19 		__be32 patch_ver;
20 		__be32 subsys;
21 		__be32 feature;
22 		__be32 n_region;
23 		__be32 crc;
24 		u32 reserved[11];
25 	} desc;
26 } __packed;
27 
28 struct mt7921_patch_sec {
29 	__be32 type;
30 	__be32 offs;
31 	__be32 size;
32 	union {
33 		__be32 spec[13];
34 		struct {
35 			__be32 addr;
36 			__be32 len;
37 			__be32 sec_key_idx;
38 			__be32 align_len;
39 			u32 reserved[9];
40 		} info;
41 	};
42 } __packed;
43 
44 struct mt7921_fw_trailer {
45 	u8 chip_id;
46 	u8 eco_code;
47 	u8 n_region;
48 	u8 format_ver;
49 	u8 format_flag;
50 	u8 reserved[2];
51 	char fw_ver[10];
52 	char build_date[15];
53 	u32 crc;
54 } __packed;
55 
56 struct mt7921_fw_region {
57 	__le32 decomp_crc;
58 	__le32 decomp_len;
59 	__le32 decomp_blk_sz;
60 	u8 reserved[4];
61 	__le32 addr;
62 	__le32 len;
63 	u8 feature_set;
64 	u8 reserved1[15];
65 } __packed;
66 
67 #define MT_STA_BFER			BIT(0)
68 #define MT_STA_BFEE			BIT(1)
69 
70 #define FW_FEATURE_SET_ENCRYPT		BIT(0)
71 #define FW_FEATURE_SET_KEY_IDX		GENMASK(2, 1)
72 #define FW_FEATURE_ENCRY_MODE		BIT(4)
73 #define FW_FEATURE_OVERRIDE_ADDR	BIT(5)
74 
75 #define DL_MODE_ENCRYPT			BIT(0)
76 #define DL_MODE_KEY_IDX			GENMASK(2, 1)
77 #define DL_MODE_RESET_SEC_IV		BIT(3)
78 #define DL_MODE_WORKING_PDA_CR4		BIT(4)
79 #define DL_CONFIG_ENCRY_MODE_SEL	BIT(6)
80 #define DL_MODE_NEED_RSP		BIT(31)
81 
82 #define FW_START_OVERRIDE		BIT(0)
83 #define FW_START_WORKING_PDA_CR4	BIT(2)
84 
85 #define PATCH_SEC_TYPE_MASK		GENMASK(15, 0)
86 #define PATCH_SEC_TYPE_INFO		0x2
87 
88 #define to_wcid_lo(id)			FIELD_GET(GENMASK(7, 0), (u16)id)
89 #define to_wcid_hi(id)			FIELD_GET(GENMASK(9, 8), (u16)id)
90 
91 static enum mcu_cipher_type
92 mt7921_mcu_get_cipher(int cipher)
93 {
94 	switch (cipher) {
95 	case WLAN_CIPHER_SUITE_WEP40:
96 		return MCU_CIPHER_WEP40;
97 	case WLAN_CIPHER_SUITE_WEP104:
98 		return MCU_CIPHER_WEP104;
99 	case WLAN_CIPHER_SUITE_TKIP:
100 		return MCU_CIPHER_TKIP;
101 	case WLAN_CIPHER_SUITE_AES_CMAC:
102 		return MCU_CIPHER_BIP_CMAC_128;
103 	case WLAN_CIPHER_SUITE_CCMP:
104 		return MCU_CIPHER_AES_CCMP;
105 	case WLAN_CIPHER_SUITE_CCMP_256:
106 		return MCU_CIPHER_CCMP_256;
107 	case WLAN_CIPHER_SUITE_GCMP:
108 		return MCU_CIPHER_GCMP;
109 	case WLAN_CIPHER_SUITE_GCMP_256:
110 		return MCU_CIPHER_GCMP_256;
111 	case WLAN_CIPHER_SUITE_SMS4:
112 		return MCU_CIPHER_WAPI;
113 	default:
114 		return MT_CIPHER_NONE;
115 	}
116 }
117 
118 static u8 mt7921_mcu_chan_bw(struct cfg80211_chan_def *chandef)
119 {
120 	static const u8 width_to_bw[] = {
121 		[NL80211_CHAN_WIDTH_40] = CMD_CBW_40MHZ,
122 		[NL80211_CHAN_WIDTH_80] = CMD_CBW_80MHZ,
123 		[NL80211_CHAN_WIDTH_80P80] = CMD_CBW_8080MHZ,
124 		[NL80211_CHAN_WIDTH_160] = CMD_CBW_160MHZ,
125 		[NL80211_CHAN_WIDTH_5] = CMD_CBW_5MHZ,
126 		[NL80211_CHAN_WIDTH_10] = CMD_CBW_10MHZ,
127 		[NL80211_CHAN_WIDTH_20] = CMD_CBW_20MHZ,
128 		[NL80211_CHAN_WIDTH_20_NOHT] = CMD_CBW_20MHZ,
129 	};
130 
131 	if (chandef->width >= ARRAY_SIZE(width_to_bw))
132 		return 0;
133 
134 	return width_to_bw[chandef->width];
135 }
136 
137 static int
138 mt7921_mcu_parse_eeprom(struct mt76_dev *dev, struct sk_buff *skb)
139 {
140 	struct mt7921_mcu_eeprom_info *res;
141 	u8 *buf;
142 
143 	if (!skb)
144 		return -EINVAL;
145 
146 	skb_pull(skb, sizeof(struct mt7921_mcu_rxd));
147 
148 	res = (struct mt7921_mcu_eeprom_info *)skb->data;
149 	buf = dev->eeprom.data + le32_to_cpu(res->addr);
150 	memcpy(buf, res->data, 16);
151 
152 	return 0;
153 }
154 
155 static int
156 mt7921_mcu_parse_response(struct mt76_dev *mdev, int cmd,
157 			  struct sk_buff *skb, int seq)
158 {
159 	struct mt7921_mcu_rxd *rxd;
160 	int ret = 0;
161 
162 	if (!skb) {
163 		dev_err(mdev->dev, "Message %08x (seq %d) timeout\n",
164 			cmd, seq);
165 		mt7921_reset(mdev);
166 
167 		return -ETIMEDOUT;
168 	}
169 
170 	rxd = (struct mt7921_mcu_rxd *)skb->data;
171 	if (seq != rxd->seq)
172 		return -EAGAIN;
173 
174 	switch (cmd) {
175 	case MCU_CMD_PATCH_SEM_CONTROL:
176 		skb_pull(skb, sizeof(*rxd) - 4);
177 		ret = *skb->data;
178 		break;
179 	case MCU_EXT_CMD_GET_TEMP:
180 		skb_pull(skb, sizeof(*rxd) + 4);
181 		ret = le32_to_cpu(*(__le32 *)skb->data);
182 		break;
183 	case MCU_EXT_CMD_EFUSE_ACCESS:
184 		ret = mt7921_mcu_parse_eeprom(mdev, skb);
185 		break;
186 	case MCU_UNI_CMD_DEV_INFO_UPDATE:
187 	case MCU_UNI_CMD_BSS_INFO_UPDATE:
188 	case MCU_UNI_CMD_STA_REC_UPDATE:
189 	case MCU_UNI_CMD_HIF_CTRL:
190 	case MCU_UNI_CMD_OFFLOAD:
191 	case MCU_UNI_CMD_SUSPEND: {
192 		struct mt7921_mcu_uni_event *event;
193 
194 		skb_pull(skb, sizeof(*rxd));
195 		event = (struct mt7921_mcu_uni_event *)skb->data;
196 		ret = le32_to_cpu(event->status);
197 		break;
198 	}
199 	case MCU_CMD_REG_READ: {
200 		struct mt7921_mcu_reg_event *event;
201 
202 		skb_pull(skb, sizeof(*rxd));
203 		event = (struct mt7921_mcu_reg_event *)skb->data;
204 		ret = (int)le32_to_cpu(event->val);
205 		break;
206 	}
207 	default:
208 		skb_pull(skb, sizeof(struct mt7921_mcu_rxd));
209 		break;
210 	}
211 
212 	return ret;
213 }
214 
215 static int
216 mt7921_mcu_send_message(struct mt76_dev *mdev, struct sk_buff *skb,
217 			int cmd, int *wait_seq)
218 {
219 	struct mt7921_dev *dev = container_of(mdev, struct mt7921_dev, mt76);
220 	int txd_len, mcu_cmd = cmd & MCU_CMD_MASK;
221 	enum mt76_mcuq_id txq = MT_MCUQ_WM;
222 	struct mt7921_uni_txd *uni_txd;
223 	struct mt7921_mcu_txd *mcu_txd;
224 	__le32 *txd;
225 	u32 val;
226 	u8 seq;
227 
228 	switch (cmd) {
229 	case MCU_UNI_CMD_HIF_CTRL:
230 	case MCU_UNI_CMD_SUSPEND:
231 	case MCU_UNI_CMD_OFFLOAD:
232 		mdev->mcu.timeout = HZ / 3;
233 		break;
234 	default:
235 		mdev->mcu.timeout = 3 * HZ;
236 		break;
237 	}
238 
239 	seq = ++dev->mt76.mcu.msg_seq & 0xf;
240 	if (!seq)
241 		seq = ++dev->mt76.mcu.msg_seq & 0xf;
242 
243 	if (cmd == MCU_CMD_FW_SCATTER) {
244 		txq = MT_MCUQ_FWDL;
245 		goto exit;
246 	}
247 
248 	txd_len = cmd & MCU_UNI_PREFIX ? sizeof(*uni_txd) : sizeof(*mcu_txd);
249 	txd = (__le32 *)skb_push(skb, txd_len);
250 
251 	val = FIELD_PREP(MT_TXD0_TX_BYTES, skb->len) |
252 	      FIELD_PREP(MT_TXD0_PKT_FMT, MT_TX_TYPE_CMD) |
253 	      FIELD_PREP(MT_TXD0_Q_IDX, MT_TX_MCU_PORT_RX_Q0);
254 	txd[0] = cpu_to_le32(val);
255 
256 	val = MT_TXD1_LONG_FORMAT |
257 	      FIELD_PREP(MT_TXD1_HDR_FORMAT, MT_HDR_FORMAT_CMD);
258 	txd[1] = cpu_to_le32(val);
259 
260 	if (cmd & MCU_UNI_PREFIX) {
261 		uni_txd = (struct mt7921_uni_txd *)txd;
262 		uni_txd->len = cpu_to_le16(skb->len - sizeof(uni_txd->txd));
263 		uni_txd->option = MCU_CMD_UNI_EXT_ACK;
264 		uni_txd->cid = cpu_to_le16(mcu_cmd);
265 		uni_txd->s2d_index = MCU_S2D_H2N;
266 		uni_txd->pkt_type = MCU_PKT_ID;
267 		uni_txd->seq = seq;
268 
269 		goto exit;
270 	}
271 
272 	mcu_txd = (struct mt7921_mcu_txd *)txd;
273 	mcu_txd->len = cpu_to_le16(skb->len - sizeof(mcu_txd->txd));
274 	mcu_txd->pq_id = cpu_to_le16(MCU_PQ_ID(MT_TX_PORT_IDX_MCU,
275 					       MT_TX_MCU_PORT_RX_Q0));
276 	mcu_txd->pkt_type = MCU_PKT_ID;
277 	mcu_txd->seq = seq;
278 
279 	switch (cmd & ~MCU_CMD_MASK) {
280 	case MCU_FW_PREFIX:
281 		mcu_txd->set_query = MCU_Q_NA;
282 		mcu_txd->cid = mcu_cmd;
283 		break;
284 	case MCU_CE_PREFIX:
285 		if (cmd & MCU_QUERY_MASK)
286 			mcu_txd->set_query = MCU_Q_QUERY;
287 		else
288 			mcu_txd->set_query = MCU_Q_SET;
289 		mcu_txd->cid = mcu_cmd;
290 		break;
291 	default:
292 		mcu_txd->cid = MCU_CMD_EXT_CID;
293 		if (cmd & MCU_QUERY_PREFIX || cmd == MCU_EXT_CMD_EFUSE_ACCESS)
294 			mcu_txd->set_query = MCU_Q_QUERY;
295 		else
296 			mcu_txd->set_query = MCU_Q_SET;
297 		mcu_txd->ext_cid = mcu_cmd;
298 		mcu_txd->ext_cid_ack = 1;
299 		break;
300 	}
301 
302 	mcu_txd->s2d_index = MCU_S2D_H2N;
303 	WARN_ON(cmd == MCU_EXT_CMD_EFUSE_ACCESS &&
304 		mcu_txd->set_query != MCU_Q_QUERY);
305 
306 exit:
307 	if (wait_seq)
308 		*wait_seq = seq;
309 
310 	return mt76_tx_queue_skb_raw(dev, mdev->q_mcu[txq], skb, 0);
311 }
312 
313 static void
314 mt7921_mcu_tx_rate_parse(struct mt76_phy *mphy,
315 			 struct mt7921_mcu_peer_cap *peer,
316 			 struct rate_info *rate, u16 r)
317 {
318 	struct ieee80211_supported_band *sband;
319 	u16 flags = 0;
320 	u8 txmode = FIELD_GET(MT_WTBL_RATE_TX_MODE, r);
321 	u8 gi = 0;
322 	u8 bw = 0;
323 
324 	rate->mcs = FIELD_GET(MT_WTBL_RATE_MCS, r);
325 	rate->nss = FIELD_GET(MT_WTBL_RATE_NSS, r) + 1;
326 
327 	switch (peer->bw) {
328 	case IEEE80211_STA_RX_BW_160:
329 		gi = peer->g16;
330 		break;
331 	case IEEE80211_STA_RX_BW_80:
332 		gi = peer->g8;
333 		break;
334 	case IEEE80211_STA_RX_BW_40:
335 		gi = peer->g4;
336 		break;
337 	default:
338 		gi = peer->g2;
339 		break;
340 	}
341 
342 	gi = txmode >= MT_PHY_TYPE_HE_SU ?
343 		FIELD_GET(MT_WTBL_RATE_HE_GI, gi) :
344 		FIELD_GET(MT_WTBL_RATE_GI, gi);
345 
346 	switch (txmode) {
347 	case MT_PHY_TYPE_CCK:
348 	case MT_PHY_TYPE_OFDM:
349 		if (mphy->chandef.chan->band == NL80211_BAND_5GHZ)
350 			sband = &mphy->sband_5g.sband;
351 		else
352 			sband = &mphy->sband_2g.sband;
353 
354 		rate->legacy = sband->bitrates[rate->mcs].bitrate;
355 		break;
356 	case MT_PHY_TYPE_HT:
357 	case MT_PHY_TYPE_HT_GF:
358 		flags |= RATE_INFO_FLAGS_MCS;
359 
360 		if (gi)
361 			flags |= RATE_INFO_FLAGS_SHORT_GI;
362 		break;
363 	case MT_PHY_TYPE_VHT:
364 		flags |= RATE_INFO_FLAGS_VHT_MCS;
365 
366 		if (gi)
367 			flags |= RATE_INFO_FLAGS_SHORT_GI;
368 		break;
369 	case MT_PHY_TYPE_HE_SU:
370 	case MT_PHY_TYPE_HE_EXT_SU:
371 	case MT_PHY_TYPE_HE_TB:
372 	case MT_PHY_TYPE_HE_MU:
373 		rate->he_gi = gi;
374 		rate->he_dcm = FIELD_GET(MT_RA_RATE_DCM_EN, r);
375 
376 		flags |= RATE_INFO_FLAGS_HE_MCS;
377 		break;
378 	default:
379 		break;
380 	}
381 	rate->flags = flags;
382 
383 	bw = mt7921_mcu_chan_bw(&mphy->chandef) - FIELD_GET(MT_RA_RATE_BW, r);
384 
385 	switch (bw) {
386 	case IEEE80211_STA_RX_BW_160:
387 		rate->bw = RATE_INFO_BW_160;
388 		break;
389 	case IEEE80211_STA_RX_BW_80:
390 		rate->bw = RATE_INFO_BW_80;
391 		break;
392 	case IEEE80211_STA_RX_BW_40:
393 		rate->bw = RATE_INFO_BW_40;
394 		break;
395 	default:
396 		rate->bw = RATE_INFO_BW_20;
397 		break;
398 	}
399 }
400 
401 static void
402 mt7921_mcu_scan_event(struct mt7921_dev *dev, struct sk_buff *skb)
403 {
404 	struct mt76_phy *mphy = &dev->mt76.phy;
405 	struct mt7921_phy *phy = (struct mt7921_phy *)mphy->priv;
406 
407 	spin_lock_bh(&dev->mt76.lock);
408 	__skb_queue_tail(&phy->scan_event_list, skb);
409 	spin_unlock_bh(&dev->mt76.lock);
410 
411 	ieee80211_queue_delayed_work(mphy->hw, &phy->scan_work,
412 				     MT7921_HW_SCAN_TIMEOUT);
413 }
414 
415 static void
416 mt7921_mcu_connection_loss_iter(void *priv, u8 *mac,
417 				struct ieee80211_vif *vif)
418 {
419 	struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
420 	struct mt76_connac_beacon_loss_event *event = priv;
421 
422 	if (mvif->idx != event->bss_idx)
423 		return;
424 
425 	if (!(vif->driver_flags & IEEE80211_VIF_BEACON_FILTER))
426 		return;
427 
428 	ieee80211_connection_loss(vif);
429 }
430 
431 static void
432 mt7921_mcu_connection_loss_event(struct mt7921_dev *dev, struct sk_buff *skb)
433 {
434 	struct mt76_connac_beacon_loss_event *event;
435 	struct mt76_phy *mphy = &dev->mt76.phy;
436 
437 	skb_pull(skb, sizeof(struct mt7921_mcu_rxd));
438 	event = (struct mt76_connac_beacon_loss_event *)skb->data;
439 
440 	ieee80211_iterate_active_interfaces_atomic(mphy->hw,
441 					IEEE80211_IFACE_ITER_RESUME_ALL,
442 					mt7921_mcu_connection_loss_iter, event);
443 }
444 
445 static void
446 mt7921_mcu_bss_event(struct mt7921_dev *dev, struct sk_buff *skb)
447 {
448 	struct mt76_phy *mphy = &dev->mt76.phy;
449 	struct mt76_connac_mcu_bss_event *event;
450 
451 	skb_pull(skb, sizeof(struct mt7921_mcu_rxd));
452 	event = (struct mt76_connac_mcu_bss_event *)skb->data;
453 	if (event->is_absent)
454 		ieee80211_stop_queues(mphy->hw);
455 	else
456 		ieee80211_wake_queues(mphy->hw);
457 }
458 
459 static void
460 mt7921_mcu_debug_msg_event(struct mt7921_dev *dev, struct sk_buff *skb)
461 {
462 	struct mt7921_debug_msg {
463 		__le16 id;
464 		u8 type;
465 		u8 flag;
466 		__le32 value;
467 		__le16 len;
468 		u8 content[512];
469 	} __packed * msg;
470 
471 	skb_pull(skb, sizeof(struct mt7921_mcu_rxd));
472 	msg = (struct mt7921_debug_msg *)skb->data;
473 
474 	if (msg->type == 3) { /* fw log */
475 		u16 len = min_t(u16, le16_to_cpu(msg->len), 512);
476 		int i;
477 
478 		for (i = 0 ; i < len; i++) {
479 			if (!msg->content[i])
480 				msg->content[i] = ' ';
481 		}
482 		wiphy_info(mt76_hw(dev)->wiphy, "%.*s", len, msg->content);
483 	}
484 }
485 
486 static void
487 mt7921_mcu_low_power_event(struct mt7921_dev *dev, struct sk_buff *skb)
488 {
489 	struct mt7921_mcu_lp_event {
490 		u8 state;
491 		u8 reserved[3];
492 	} __packed * event;
493 
494 	skb_pull(skb, sizeof(struct mt7921_mcu_rxd));
495 	event = (struct mt7921_mcu_lp_event *)skb->data;
496 
497 	trace_lp_event(dev, event->state);
498 }
499 
500 static void
501 mt7921_mcu_tx_done_event(struct mt7921_dev *dev, struct sk_buff *skb)
502 {
503 	struct mt7921_mcu_tx_done_event *event;
504 	struct mt7921_sta *msta;
505 	struct mt7921_phy *mphy = &dev->phy;
506 	struct mt7921_mcu_peer_cap peer;
507 	struct ieee80211_sta *sta;
508 	LIST_HEAD(list);
509 
510 	skb_pull(skb, sizeof(struct mt7921_mcu_rxd));
511 	event = (struct mt7921_mcu_tx_done_event *)skb->data;
512 
513 	spin_lock_bh(&dev->sta_poll_lock);
514 	list_splice_init(&mphy->stats_list, &list);
515 
516 	while (!list_empty(&list)) {
517 		msta = list_first_entry(&list, struct mt7921_sta, stats_list);
518 		list_del_init(&msta->stats_list);
519 
520 		if (msta->wcid.idx != event->wlan_idx)
521 			continue;
522 
523 		spin_unlock_bh(&dev->sta_poll_lock);
524 
525 		sta = wcid_to_sta(&msta->wcid);
526 
527 		/* peer config based on IEEE SPEC */
528 		memset(&peer, 0x0, sizeof(peer));
529 		peer.bw = event->bw;
530 		peer.g2 = !!(sta->ht_cap.cap & IEEE80211_HT_CAP_SGI_20);
531 		peer.g4 = !!(sta->ht_cap.cap & IEEE80211_HT_CAP_SGI_40);
532 		peer.g8 = !!(sta->vht_cap.cap & IEEE80211_VHT_CAP_SHORT_GI_80);
533 		peer.g16 = !!(sta->vht_cap.cap & IEEE80211_VHT_CAP_SHORT_GI_160);
534 		mt7921_mcu_tx_rate_parse(mphy->mt76, &peer,
535 					 &msta->stats.tx_rate, event->tx_rate);
536 
537 		spin_lock_bh(&dev->sta_poll_lock);
538 		break;
539 	}
540 	spin_unlock_bh(&dev->sta_poll_lock);
541 }
542 
543 static void
544 mt7921_mcu_rx_unsolicited_event(struct mt7921_dev *dev, struct sk_buff *skb)
545 {
546 	struct mt7921_mcu_rxd *rxd = (struct mt7921_mcu_rxd *)skb->data;
547 
548 	switch (rxd->eid) {
549 	case MCU_EVENT_BSS_BEACON_LOSS:
550 		mt7921_mcu_connection_loss_event(dev, skb);
551 		break;
552 	case MCU_EVENT_SCHED_SCAN_DONE:
553 	case MCU_EVENT_SCAN_DONE:
554 		mt7921_mcu_scan_event(dev, skb);
555 		return;
556 	case MCU_EVENT_BSS_ABSENCE:
557 		mt7921_mcu_bss_event(dev, skb);
558 		break;
559 	case MCU_EVENT_DBG_MSG:
560 		mt7921_mcu_debug_msg_event(dev, skb);
561 		break;
562 	case MCU_EVENT_COREDUMP:
563 		mt76_connac_mcu_coredump_event(&dev->mt76, skb,
564 					       &dev->coredump);
565 		return;
566 	case MCU_EVENT_LP_INFO:
567 		mt7921_mcu_low_power_event(dev, skb);
568 		break;
569 	case MCU_EVENT_TX_DONE:
570 		mt7921_mcu_tx_done_event(dev, skb);
571 		break;
572 	default:
573 		break;
574 	}
575 	dev_kfree_skb(skb);
576 }
577 
578 void mt7921_mcu_rx_event(struct mt7921_dev *dev, struct sk_buff *skb)
579 {
580 	struct mt7921_mcu_rxd *rxd = (struct mt7921_mcu_rxd *)skb->data;
581 
582 	if (rxd->eid == 0x6) {
583 		mt76_mcu_rx_event(&dev->mt76, skb);
584 		return;
585 	}
586 
587 	if (rxd->ext_eid == MCU_EXT_EVENT_RATE_REPORT ||
588 	    rxd->eid == MCU_EVENT_BSS_BEACON_LOSS ||
589 	    rxd->eid == MCU_EVENT_SCHED_SCAN_DONE ||
590 	    rxd->eid == MCU_EVENT_BSS_ABSENCE ||
591 	    rxd->eid == MCU_EVENT_SCAN_DONE ||
592 	    rxd->eid == MCU_EVENT_TX_DONE ||
593 	    rxd->eid == MCU_EVENT_DBG_MSG ||
594 	    rxd->eid == MCU_EVENT_COREDUMP ||
595 	    rxd->eid == MCU_EVENT_LP_INFO ||
596 	    !rxd->seq)
597 		mt7921_mcu_rx_unsolicited_event(dev, skb);
598 	else
599 		mt76_mcu_rx_event(&dev->mt76, skb);
600 }
601 
602 /** starec & wtbl **/
603 static int
604 mt7921_mcu_sta_key_tlv(struct mt7921_sta *msta, struct sk_buff *skb,
605 		       struct ieee80211_key_conf *key, enum set_key_cmd cmd)
606 {
607 	struct mt7921_sta_key_conf *bip = &msta->bip;
608 	struct sta_rec_sec *sec;
609 	struct tlv *tlv;
610 	u32 len = sizeof(*sec);
611 
612 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_KEY_V2, sizeof(*sec));
613 
614 	sec = (struct sta_rec_sec *)tlv;
615 	sec->add = cmd;
616 
617 	if (cmd == SET_KEY) {
618 		struct sec_key *sec_key;
619 		u8 cipher;
620 
621 		cipher = mt7921_mcu_get_cipher(key->cipher);
622 		if (cipher == MT_CIPHER_NONE)
623 			return -EOPNOTSUPP;
624 
625 		sec_key = &sec->key[0];
626 		sec_key->cipher_len = sizeof(*sec_key);
627 
628 		if (cipher == MCU_CIPHER_BIP_CMAC_128) {
629 			sec_key->cipher_id = MCU_CIPHER_AES_CCMP;
630 			sec_key->key_id = bip->keyidx;
631 			sec_key->key_len = 16;
632 			memcpy(sec_key->key, bip->key, 16);
633 
634 			sec_key = &sec->key[1];
635 			sec_key->cipher_id = MCU_CIPHER_BIP_CMAC_128;
636 			sec_key->cipher_len = sizeof(*sec_key);
637 			sec_key->key_len = 16;
638 			memcpy(sec_key->key, key->key, 16);
639 
640 			sec->n_cipher = 2;
641 		} else {
642 			sec_key->cipher_id = cipher;
643 			sec_key->key_id = key->keyidx;
644 			sec_key->key_len = key->keylen;
645 			memcpy(sec_key->key, key->key, key->keylen);
646 
647 			if (cipher == MCU_CIPHER_TKIP) {
648 				/* Rx/Tx MIC keys are swapped */
649 				memcpy(sec_key->key + 16, key->key + 24, 8);
650 				memcpy(sec_key->key + 24, key->key + 16, 8);
651 			}
652 
653 			/* store key_conf for BIP batch update */
654 			if (cipher == MCU_CIPHER_AES_CCMP) {
655 				memcpy(bip->key, key->key, key->keylen);
656 				bip->keyidx = key->keyidx;
657 			}
658 
659 			len -= sizeof(*sec_key);
660 			sec->n_cipher = 1;
661 		}
662 	} else {
663 		len -= sizeof(sec->key);
664 		sec->n_cipher = 0;
665 	}
666 	sec->len = cpu_to_le16(len);
667 
668 	return 0;
669 }
670 
671 int mt7921_mcu_add_key(struct mt7921_dev *dev, struct ieee80211_vif *vif,
672 		       struct mt7921_sta *msta, struct ieee80211_key_conf *key,
673 		       enum set_key_cmd cmd)
674 {
675 	struct mt7921_vif *mvif = (struct mt7921_vif *)vif->drv_priv;
676 	struct sk_buff *skb;
677 	int ret;
678 
679 	skb = mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
680 					    &msta->wcid);
681 	if (IS_ERR(skb))
682 		return PTR_ERR(skb);
683 
684 	ret = mt7921_mcu_sta_key_tlv(msta, skb, key, cmd);
685 	if (ret)
686 		return ret;
687 
688 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
689 				     MCU_UNI_CMD_STA_REC_UPDATE, true);
690 }
691 
692 int mt7921_mcu_uni_tx_ba(struct mt7921_dev *dev,
693 			 struct ieee80211_ampdu_params *params,
694 			 bool enable)
695 {
696 	struct mt7921_sta *msta = (struct mt7921_sta *)params->sta->drv_priv;
697 
698 	if (enable && !params->amsdu)
699 		msta->wcid.amsdu = false;
700 
701 	return mt76_connac_mcu_sta_ba(&dev->mt76, &msta->vif->mt76, params,
702 				      enable, true);
703 }
704 
705 int mt7921_mcu_uni_rx_ba(struct mt7921_dev *dev,
706 			 struct ieee80211_ampdu_params *params,
707 			 bool enable)
708 {
709 	struct mt7921_sta *msta = (struct mt7921_sta *)params->sta->drv_priv;
710 
711 	return mt76_connac_mcu_sta_ba(&dev->mt76, &msta->vif->mt76, params,
712 				      enable, false);
713 }
714 
715 static int mt7921_mcu_restart(struct mt76_dev *dev)
716 {
717 	struct {
718 		u8 power_mode;
719 		u8 rsv[3];
720 	} req = {
721 		.power_mode = 1,
722 	};
723 
724 	return mt76_mcu_send_msg(dev, MCU_CMD_NIC_POWER_CTRL, &req,
725 				 sizeof(req), false);
726 }
727 
728 static int mt7921_driver_own(struct mt7921_dev *dev)
729 {
730 	u32 reg = mt7921_reg_map_l1(dev, MT_TOP_LPCR_HOST_BAND0);
731 
732 	mt76_wr(dev, reg, MT_TOP_LPCR_HOST_DRV_OWN);
733 	if (!mt76_poll_msec(dev, reg, MT_TOP_LPCR_HOST_FW_OWN,
734 			    0, 500)) {
735 		dev_err(dev->mt76.dev, "Timeout for driver own\n");
736 		return -EIO;
737 	}
738 
739 	return 0;
740 }
741 
742 static int mt7921_load_patch(struct mt7921_dev *dev)
743 {
744 	const struct mt7921_patch_hdr *hdr;
745 	const struct firmware *fw = NULL;
746 	int i, ret, sem;
747 
748 	sem = mt76_connac_mcu_patch_sem_ctrl(&dev->mt76, true);
749 	switch (sem) {
750 	case PATCH_IS_DL:
751 		return 0;
752 	case PATCH_NOT_DL_SEM_SUCCESS:
753 		break;
754 	default:
755 		dev_err(dev->mt76.dev, "Failed to get patch semaphore\n");
756 		return -EAGAIN;
757 	}
758 
759 	ret = request_firmware(&fw, MT7921_ROM_PATCH, dev->mt76.dev);
760 	if (ret)
761 		goto out;
762 
763 	if (!fw || !fw->data || fw->size < sizeof(*hdr)) {
764 		dev_err(dev->mt76.dev, "Invalid firmware\n");
765 		ret = -EINVAL;
766 		goto out;
767 	}
768 
769 	hdr = (const struct mt7921_patch_hdr *)(fw->data);
770 
771 	dev_info(dev->mt76.dev, "HW/SW Version: 0x%x, Build Time: %.16s\n",
772 		 be32_to_cpu(hdr->hw_sw_ver), hdr->build_date);
773 
774 	for (i = 0; i < be32_to_cpu(hdr->desc.n_region); i++) {
775 		struct mt7921_patch_sec *sec;
776 		const u8 *dl;
777 		u32 len, addr;
778 
779 		sec = (struct mt7921_patch_sec *)(fw->data + sizeof(*hdr) +
780 						  i * sizeof(*sec));
781 		if ((be32_to_cpu(sec->type) & PATCH_SEC_TYPE_MASK) !=
782 		    PATCH_SEC_TYPE_INFO) {
783 			ret = -EINVAL;
784 			goto out;
785 		}
786 
787 		addr = be32_to_cpu(sec->info.addr);
788 		len = be32_to_cpu(sec->info.len);
789 		dl = fw->data + be32_to_cpu(sec->offs);
790 
791 		ret = mt76_connac_mcu_init_download(&dev->mt76, addr, len,
792 						    DL_MODE_NEED_RSP);
793 		if (ret) {
794 			dev_err(dev->mt76.dev, "Download request failed\n");
795 			goto out;
796 		}
797 
798 		ret = mt76_mcu_send_firmware(&dev->mt76, MCU_CMD_FW_SCATTER,
799 					     dl, len);
800 		if (ret) {
801 			dev_err(dev->mt76.dev, "Failed to send patch\n");
802 			goto out;
803 		}
804 	}
805 
806 	ret = mt76_connac_mcu_start_patch(&dev->mt76);
807 	if (ret)
808 		dev_err(dev->mt76.dev, "Failed to start patch\n");
809 
810 out:
811 	sem = mt76_connac_mcu_patch_sem_ctrl(&dev->mt76, false);
812 	switch (sem) {
813 	case PATCH_REL_SEM_SUCCESS:
814 		break;
815 	default:
816 		ret = -EAGAIN;
817 		dev_err(dev->mt76.dev, "Failed to release patch semaphore\n");
818 		goto out;
819 	}
820 	release_firmware(fw);
821 
822 	return ret;
823 }
824 
825 static u32 mt7921_mcu_gen_dl_mode(u8 feature_set, bool is_wa)
826 {
827 	u32 ret = 0;
828 
829 	ret |= (feature_set & FW_FEATURE_SET_ENCRYPT) ?
830 	       (DL_MODE_ENCRYPT | DL_MODE_RESET_SEC_IV) : 0;
831 	ret |= (feature_set & FW_FEATURE_ENCRY_MODE) ?
832 	       DL_CONFIG_ENCRY_MODE_SEL : 0;
833 	ret |= FIELD_PREP(DL_MODE_KEY_IDX,
834 			  FIELD_GET(FW_FEATURE_SET_KEY_IDX, feature_set));
835 	ret |= DL_MODE_NEED_RSP;
836 	ret |= is_wa ? DL_MODE_WORKING_PDA_CR4 : 0;
837 
838 	return ret;
839 }
840 
841 static int
842 mt7921_mcu_send_ram_firmware(struct mt7921_dev *dev,
843 			     const struct mt7921_fw_trailer *hdr,
844 			     const u8 *data, bool is_wa)
845 {
846 	int i, offset = 0;
847 	u32 override = 0, option = 0;
848 
849 	for (i = 0; i < hdr->n_region; i++) {
850 		const struct mt7921_fw_region *region;
851 		int err;
852 		u32 len, addr, mode;
853 
854 		region = (const struct mt7921_fw_region *)((const u8 *)hdr -
855 			 (hdr->n_region - i) * sizeof(*region));
856 		mode = mt7921_mcu_gen_dl_mode(region->feature_set, is_wa);
857 		len = le32_to_cpu(region->len);
858 		addr = le32_to_cpu(region->addr);
859 
860 		if (region->feature_set & FW_FEATURE_OVERRIDE_ADDR)
861 			override = addr;
862 
863 		err = mt76_connac_mcu_init_download(&dev->mt76, addr, len,
864 						    mode);
865 		if (err) {
866 			dev_err(dev->mt76.dev, "Download request failed\n");
867 			return err;
868 		}
869 
870 		err = mt76_mcu_send_firmware(&dev->mt76, MCU_CMD_FW_SCATTER,
871 					     data + offset, len);
872 		if (err) {
873 			dev_err(dev->mt76.dev, "Failed to send firmware.\n");
874 			return err;
875 		}
876 
877 		offset += len;
878 	}
879 
880 	if (override)
881 		option |= FW_START_OVERRIDE;
882 
883 	if (is_wa)
884 		option |= FW_START_WORKING_PDA_CR4;
885 
886 	return mt76_connac_mcu_start_firmware(&dev->mt76, override, option);
887 }
888 
889 static int mt7921_load_ram(struct mt7921_dev *dev)
890 {
891 	const struct mt7921_fw_trailer *hdr;
892 	const struct firmware *fw;
893 	int ret;
894 
895 	ret = request_firmware(&fw, MT7921_FIRMWARE_WM, dev->mt76.dev);
896 	if (ret)
897 		return ret;
898 
899 	if (!fw || !fw->data || fw->size < sizeof(*hdr)) {
900 		dev_err(dev->mt76.dev, "Invalid firmware\n");
901 		ret = -EINVAL;
902 		goto out;
903 	}
904 
905 	hdr = (const struct mt7921_fw_trailer *)(fw->data + fw->size -
906 					sizeof(*hdr));
907 
908 	dev_info(dev->mt76.dev, "WM Firmware Version: %.10s, Build Time: %.15s\n",
909 		 hdr->fw_ver, hdr->build_date);
910 
911 	ret = mt7921_mcu_send_ram_firmware(dev, hdr, fw->data, false);
912 	if (ret) {
913 		dev_err(dev->mt76.dev, "Failed to start WM firmware\n");
914 		goto out;
915 	}
916 
917 	snprintf(dev->mt76.hw->wiphy->fw_version,
918 		 sizeof(dev->mt76.hw->wiphy->fw_version),
919 		 "%.10s-%.15s", hdr->fw_ver, hdr->build_date);
920 
921 out:
922 	release_firmware(fw);
923 
924 	return ret;
925 }
926 
927 static int mt7921_load_firmware(struct mt7921_dev *dev)
928 {
929 	int ret;
930 
931 	ret = mt76_get_field(dev, MT_CONN_ON_MISC, MT_TOP_MISC2_FW_N9_RDY);
932 	if (ret) {
933 		dev_dbg(dev->mt76.dev, "Firmware is already download\n");
934 		goto fw_loaded;
935 	}
936 
937 	ret = mt7921_load_patch(dev);
938 	if (ret)
939 		return ret;
940 
941 	ret = mt7921_load_ram(dev);
942 	if (ret)
943 		return ret;
944 
945 	if (!mt76_poll_msec(dev, MT_CONN_ON_MISC, MT_TOP_MISC2_FW_N9_RDY,
946 			    MT_TOP_MISC2_FW_N9_RDY, 1500)) {
947 		dev_err(dev->mt76.dev, "Timeout for initializing firmware\n");
948 
949 		return -EIO;
950 	}
951 
952 fw_loaded:
953 	mt76_queue_tx_cleanup(dev, dev->mt76.q_mcu[MT_MCUQ_FWDL], false);
954 
955 #ifdef CONFIG_PM
956 	dev->mt76.hw->wiphy->wowlan = &mt76_connac_wowlan_support;
957 #endif /* CONFIG_PM */
958 
959 	dev_err(dev->mt76.dev, "Firmware init done\n");
960 
961 	return 0;
962 }
963 
964 int mt7921_mcu_fw_log_2_host(struct mt7921_dev *dev, u8 ctrl)
965 {
966 	struct {
967 		u8 ctrl_val;
968 		u8 pad[3];
969 	} data = {
970 		.ctrl_val = ctrl
971 	};
972 
973 	return mt76_mcu_send_msg(&dev->mt76, MCU_CMD_FWLOG_2_HOST, &data,
974 				 sizeof(data), false);
975 }
976 
977 int mt7921_run_firmware(struct mt7921_dev *dev)
978 {
979 	int err;
980 
981 	err = mt7921_driver_own(dev);
982 	if (err)
983 		return err;
984 
985 	err = mt7921_load_firmware(dev);
986 	if (err)
987 		return err;
988 
989 	set_bit(MT76_STATE_MCU_RUNNING, &dev->mphy.state);
990 	mt7921_mcu_fw_log_2_host(dev, 1);
991 
992 	return mt76_connac_mcu_get_nic_capability(&dev->mphy);
993 }
994 
995 int mt7921_mcu_init(struct mt7921_dev *dev)
996 {
997 	static const struct mt76_mcu_ops mt7921_mcu_ops = {
998 		.headroom = sizeof(struct mt7921_mcu_txd),
999 		.mcu_skb_send_msg = mt7921_mcu_send_message,
1000 		.mcu_parse_response = mt7921_mcu_parse_response,
1001 		.mcu_restart = mt7921_mcu_restart,
1002 	};
1003 
1004 	dev->mt76.mcu_ops = &mt7921_mcu_ops;
1005 
1006 	return mt7921_run_firmware(dev);
1007 }
1008 
1009 void mt7921_mcu_exit(struct mt7921_dev *dev)
1010 {
1011 	mt7921_wfsys_reset(dev);
1012 	skb_queue_purge(&dev->mt76.mcu.res_q);
1013 }
1014 
1015 int mt7921_mcu_set_tx(struct mt7921_dev *dev, struct ieee80211_vif *vif)
1016 {
1017 #define WMM_AIFS_SET		BIT(0)
1018 #define WMM_CW_MIN_SET		BIT(1)
1019 #define WMM_CW_MAX_SET		BIT(2)
1020 #define WMM_TXOP_SET		BIT(3)
1021 #define WMM_PARAM_SET		GENMASK(3, 0)
1022 #define TX_CMD_MODE		1
1023 	struct edca {
1024 		u8 queue;
1025 		u8 set;
1026 		u8 aifs;
1027 		u8 cw_min;
1028 		__le16 cw_max;
1029 		__le16 txop;
1030 	};
1031 	struct mt7921_mcu_tx {
1032 		u8 total;
1033 		u8 action;
1034 		u8 valid;
1035 		u8 mode;
1036 
1037 		struct edca edca[IEEE80211_NUM_ACS];
1038 	} __packed req = {
1039 		.valid = true,
1040 		.mode = TX_CMD_MODE,
1041 		.total = IEEE80211_NUM_ACS,
1042 	};
1043 	struct mt7921_vif *mvif = (struct mt7921_vif *)vif->drv_priv;
1044 	int ac;
1045 
1046 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
1047 		struct ieee80211_tx_queue_params *q = &mvif->queue_params[ac];
1048 		struct edca *e = &req.edca[ac];
1049 
1050 		e->set = WMM_PARAM_SET;
1051 		e->queue = ac + mvif->mt76.wmm_idx * MT7921_MAX_WMM_SETS;
1052 		e->aifs = q->aifs;
1053 		e->txop = cpu_to_le16(q->txop);
1054 
1055 		if (q->cw_min)
1056 			e->cw_min = fls(q->cw_min);
1057 		else
1058 			e->cw_min = 5;
1059 
1060 		if (q->cw_max)
1061 			e->cw_max = cpu_to_le16(fls(q->cw_max));
1062 		else
1063 			e->cw_max = cpu_to_le16(10);
1064 	}
1065 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_EDCA_UPDATE, &req,
1066 				 sizeof(req), true);
1067 }
1068 
1069 int mt7921_mcu_set_chan_info(struct mt7921_phy *phy, int cmd)
1070 {
1071 	struct mt7921_dev *dev = phy->dev;
1072 	struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
1073 	int freq1 = chandef->center_freq1;
1074 	struct {
1075 		u8 control_ch;
1076 		u8 center_ch;
1077 		u8 bw;
1078 		u8 tx_streams_num;
1079 		u8 rx_streams;	/* mask or num */
1080 		u8 switch_reason;
1081 		u8 band_idx;
1082 		u8 center_ch2;	/* for 80+80 only */
1083 		__le16 cac_case;
1084 		u8 channel_band;
1085 		u8 rsv0;
1086 		__le32 outband_freq;
1087 		u8 txpower_drop;
1088 		u8 ap_bw;
1089 		u8 ap_center_ch;
1090 		u8 rsv1[57];
1091 	} __packed req = {
1092 		.control_ch = chandef->chan->hw_value,
1093 		.center_ch = ieee80211_frequency_to_channel(freq1),
1094 		.bw = mt7921_mcu_chan_bw(chandef),
1095 		.tx_streams_num = hweight8(phy->mt76->antenna_mask),
1096 		.rx_streams = phy->mt76->antenna_mask,
1097 		.band_idx = phy != &dev->phy,
1098 		.channel_band = chandef->chan->band,
1099 	};
1100 
1101 	if (dev->mt76.hw->conf.flags & IEEE80211_CONF_OFFCHANNEL)
1102 		req.switch_reason = CH_SWITCH_SCAN_BYPASS_DPD;
1103 	else if ((chandef->chan->flags & IEEE80211_CHAN_RADAR) &&
1104 		 chandef->chan->dfs_state != NL80211_DFS_AVAILABLE)
1105 		req.switch_reason = CH_SWITCH_DFS;
1106 	else
1107 		req.switch_reason = CH_SWITCH_NORMAL;
1108 
1109 	if (cmd == MCU_EXT_CMD_CHANNEL_SWITCH)
1110 		req.rx_streams = hweight8(req.rx_streams);
1111 
1112 	if (chandef->width == NL80211_CHAN_WIDTH_80P80) {
1113 		int freq2 = chandef->center_freq2;
1114 
1115 		req.center_ch2 = ieee80211_frequency_to_channel(freq2);
1116 	}
1117 
1118 	return mt76_mcu_send_msg(&dev->mt76, cmd, &req, sizeof(req), true);
1119 }
1120 
1121 int mt7921_mcu_set_eeprom(struct mt7921_dev *dev)
1122 {
1123 	struct req_hdr {
1124 		u8 buffer_mode;
1125 		u8 format;
1126 		__le16 len;
1127 	} __packed req = {
1128 		.buffer_mode = EE_MODE_EFUSE,
1129 		.format = EE_FORMAT_WHOLE,
1130 	};
1131 
1132 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_EFUSE_BUFFER_MODE,
1133 				 &req, sizeof(req), true);
1134 }
1135 
1136 int mt7921_mcu_get_eeprom(struct mt7921_dev *dev, u32 offset)
1137 {
1138 	struct mt7921_mcu_eeprom_info req = {
1139 		.addr = cpu_to_le32(round_down(offset, 16)),
1140 	};
1141 	struct mt7921_mcu_eeprom_info *res;
1142 	struct sk_buff *skb;
1143 	int ret;
1144 	u8 *buf;
1145 
1146 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_EXT_CMD_EFUSE_ACCESS, &req,
1147 					sizeof(req), true, &skb);
1148 	if (ret)
1149 		return ret;
1150 
1151 	res = (struct mt7921_mcu_eeprom_info *)skb->data;
1152 	buf = dev->mt76.eeprom.data + le32_to_cpu(res->addr);
1153 	memcpy(buf, res->data, 16);
1154 	dev_kfree_skb(skb);
1155 
1156 	return 0;
1157 }
1158 
1159 int mt7921_mcu_uni_bss_ps(struct mt7921_dev *dev, struct ieee80211_vif *vif)
1160 {
1161 	struct mt7921_vif *mvif = (struct mt7921_vif *)vif->drv_priv;
1162 	struct {
1163 		struct {
1164 			u8 bss_idx;
1165 			u8 pad[3];
1166 		} __packed hdr;
1167 		struct ps_tlv {
1168 			__le16 tag;
1169 			__le16 len;
1170 			u8 ps_state; /* 0: device awake
1171 				      * 1: static power save
1172 				      * 2: dynamic power saving
1173 				      * 3: enter TWT power saving
1174 				      * 4: leave TWT power saving
1175 				      */
1176 			u8 pad[3];
1177 		} __packed ps;
1178 	} __packed ps_req = {
1179 		.hdr = {
1180 			.bss_idx = mvif->mt76.idx,
1181 		},
1182 		.ps = {
1183 			.tag = cpu_to_le16(UNI_BSS_INFO_PS),
1184 			.len = cpu_to_le16(sizeof(struct ps_tlv)),
1185 			.ps_state = vif->bss_conf.ps ? 2 : 0,
1186 		},
1187 	};
1188 
1189 	if (vif->type != NL80211_IFTYPE_STATION)
1190 		return -EOPNOTSUPP;
1191 
1192 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD_BSS_INFO_UPDATE,
1193 				 &ps_req, sizeof(ps_req), true);
1194 }
1195 
1196 int mt7921_mcu_uni_bss_bcnft(struct mt7921_dev *dev, struct ieee80211_vif *vif,
1197 			     bool enable)
1198 {
1199 	struct mt7921_vif *mvif = (struct mt7921_vif *)vif->drv_priv;
1200 	struct {
1201 		struct {
1202 			u8 bss_idx;
1203 			u8 pad[3];
1204 		} __packed hdr;
1205 		struct bcnft_tlv {
1206 			__le16 tag;
1207 			__le16 len;
1208 			__le16 bcn_interval;
1209 			u8 dtim_period;
1210 			u8 pad;
1211 		} __packed bcnft;
1212 	} __packed bcnft_req = {
1213 		.hdr = {
1214 			.bss_idx = mvif->mt76.idx,
1215 		},
1216 		.bcnft = {
1217 			.tag = cpu_to_le16(UNI_BSS_INFO_BCNFT),
1218 			.len = cpu_to_le16(sizeof(struct bcnft_tlv)),
1219 			.bcn_interval = cpu_to_le16(vif->bss_conf.beacon_int),
1220 			.dtim_period = vif->bss_conf.dtim_period,
1221 		},
1222 	};
1223 
1224 	if (vif->type != NL80211_IFTYPE_STATION)
1225 		return 0;
1226 
1227 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD_BSS_INFO_UPDATE,
1228 				 &bcnft_req, sizeof(bcnft_req), true);
1229 }
1230 
1231 int mt7921_mcu_set_bss_pm(struct mt7921_dev *dev, struct ieee80211_vif *vif,
1232 			  bool enable)
1233 {
1234 	struct mt7921_vif *mvif = (struct mt7921_vif *)vif->drv_priv;
1235 	struct {
1236 		u8 bss_idx;
1237 		u8 dtim_period;
1238 		__le16 aid;
1239 		__le16 bcn_interval;
1240 		__le16 atim_window;
1241 		u8 uapsd;
1242 		u8 bmc_delivered_ac;
1243 		u8 bmc_triggered_ac;
1244 		u8 pad;
1245 	} req = {
1246 		.bss_idx = mvif->mt76.idx,
1247 		.aid = cpu_to_le16(vif->bss_conf.aid),
1248 		.dtim_period = vif->bss_conf.dtim_period,
1249 		.bcn_interval = cpu_to_le16(vif->bss_conf.beacon_int),
1250 	};
1251 	struct {
1252 		u8 bss_idx;
1253 		u8 pad[3];
1254 	} req_hdr = {
1255 		.bss_idx = mvif->mt76.idx,
1256 	};
1257 	int err;
1258 
1259 	if (vif->type != NL80211_IFTYPE_STATION)
1260 		return 0;
1261 
1262 	err = mt76_mcu_send_msg(&dev->mt76, MCU_CMD_SET_BSS_ABORT, &req_hdr,
1263 				sizeof(req_hdr), false);
1264 	if (err < 0 || !enable)
1265 		return err;
1266 
1267 	return mt76_mcu_send_msg(&dev->mt76, MCU_CMD_SET_BSS_CONNECTED, &req,
1268 				 sizeof(req), false);
1269 }
1270 
1271 int mt7921_mcu_sta_update(struct mt7921_dev *dev, struct ieee80211_sta *sta,
1272 			  struct ieee80211_vif *vif, bool enable,
1273 			  enum mt76_sta_info_state state)
1274 {
1275 	struct mt7921_vif *mvif = (struct mt7921_vif *)vif->drv_priv;
1276 	int rssi = -ewma_rssi_read(&mvif->rssi);
1277 	struct mt76_sta_cmd_info info = {
1278 		.sta = sta,
1279 		.vif = vif,
1280 		.enable = enable,
1281 		.cmd = MCU_UNI_CMD_STA_REC_UPDATE,
1282 		.state = state,
1283 		.offload_fw = true,
1284 		.rcpi = to_rcpi(rssi),
1285 	};
1286 	struct mt7921_sta *msta;
1287 
1288 	msta = sta ? (struct mt7921_sta *)sta->drv_priv : NULL;
1289 	info.wcid = msta ? &msta->wcid : &mvif->sta.wcid;
1290 	info.newly = msta ? state != MT76_STA_INFO_STATE_ASSOC : true;
1291 
1292 	return mt76_connac_mcu_sta_cmd(&dev->mphy, &info);
1293 }
1294 
1295 int __mt7921_mcu_drv_pmctrl(struct mt7921_dev *dev)
1296 {
1297 	struct mt76_phy *mphy = &dev->mt76.phy;
1298 	struct mt76_connac_pm *pm = &dev->pm;
1299 	int i, err = 0;
1300 
1301 	for (i = 0; i < MT7921_DRV_OWN_RETRY_COUNT; i++) {
1302 		mt76_wr(dev, MT_CONN_ON_LPCTL, PCIE_LPCR_HOST_CLR_OWN);
1303 		if (mt76_poll_msec(dev, MT_CONN_ON_LPCTL,
1304 				   PCIE_LPCR_HOST_OWN_SYNC, 0, 50))
1305 			break;
1306 	}
1307 
1308 	if (i == MT7921_DRV_OWN_RETRY_COUNT) {
1309 		dev_err(dev->mt76.dev, "driver own failed\n");
1310 		err = -EIO;
1311 		goto out;
1312 	}
1313 
1314 	mt7921_wpdma_reinit_cond(dev);
1315 	clear_bit(MT76_STATE_PM, &mphy->state);
1316 
1317 	pm->stats.last_wake_event = jiffies;
1318 	pm->stats.doze_time += pm->stats.last_wake_event -
1319 			       pm->stats.last_doze_event;
1320 out:
1321 	return err;
1322 }
1323 
1324 int mt7921_mcu_drv_pmctrl(struct mt7921_dev *dev)
1325 {
1326 	struct mt76_phy *mphy = &dev->mt76.phy;
1327 	struct mt76_connac_pm *pm = &dev->pm;
1328 	int err = 0;
1329 
1330 	mutex_lock(&pm->mutex);
1331 
1332 	if (!test_bit(MT76_STATE_PM, &mphy->state))
1333 		goto out;
1334 
1335 	err = __mt7921_mcu_drv_pmctrl(dev);
1336 out:
1337 	mutex_unlock(&pm->mutex);
1338 
1339 	if (err)
1340 		mt7921_reset(&dev->mt76);
1341 
1342 	return err;
1343 }
1344 
1345 int mt7921_mcu_fw_pmctrl(struct mt7921_dev *dev)
1346 {
1347 	struct mt76_phy *mphy = &dev->mt76.phy;
1348 	struct mt76_connac_pm *pm = &dev->pm;
1349 	int i, err = 0;
1350 
1351 	mutex_lock(&pm->mutex);
1352 
1353 	if (mt76_connac_skip_fw_pmctrl(mphy, pm))
1354 		goto out;
1355 
1356 	for (i = 0; i < MT7921_DRV_OWN_RETRY_COUNT; i++) {
1357 		mt76_wr(dev, MT_CONN_ON_LPCTL, PCIE_LPCR_HOST_SET_OWN);
1358 		if (mt76_poll_msec(dev, MT_CONN_ON_LPCTL,
1359 				   PCIE_LPCR_HOST_OWN_SYNC, 4, 50))
1360 			break;
1361 	}
1362 
1363 	if (i == MT7921_DRV_OWN_RETRY_COUNT) {
1364 		dev_err(dev->mt76.dev, "firmware own failed\n");
1365 		clear_bit(MT76_STATE_PM, &mphy->state);
1366 		err = -EIO;
1367 	}
1368 
1369 	pm->stats.last_doze_event = jiffies;
1370 	pm->stats.awake_time += pm->stats.last_doze_event -
1371 				pm->stats.last_wake_event;
1372 out:
1373 	mutex_unlock(&pm->mutex);
1374 
1375 	if (err)
1376 		mt7921_reset(&dev->mt76);
1377 
1378 	return err;
1379 }
1380 
1381 void
1382 mt7921_pm_interface_iter(void *priv, u8 *mac, struct ieee80211_vif *vif)
1383 {
1384 	struct mt7921_phy *phy = priv;
1385 	struct mt7921_dev *dev = phy->dev;
1386 	struct ieee80211_hw *hw = mt76_hw(dev);
1387 	int ret;
1388 
1389 	if (dev->pm.enable)
1390 		ret = mt7921_mcu_uni_bss_bcnft(dev, vif, true);
1391 	else
1392 		ret = mt7921_mcu_set_bss_pm(dev, vif, false);
1393 
1394 	if (ret)
1395 		return;
1396 
1397 	if (dev->pm.enable) {
1398 		vif->driver_flags |= IEEE80211_VIF_BEACON_FILTER;
1399 		ieee80211_hw_set(hw, CONNECTION_MONITOR);
1400 		mt76_set(dev, MT_WF_RFCR(0), MT_WF_RFCR_DROP_OTHER_BEACON);
1401 	} else {
1402 		vif->driver_flags &= ~IEEE80211_VIF_BEACON_FILTER;
1403 		__clear_bit(IEEE80211_HW_CONNECTION_MONITOR, hw->flags);
1404 		mt76_clear(dev, MT_WF_RFCR(0), MT_WF_RFCR_DROP_OTHER_BEACON);
1405 	}
1406 }
1407 
1408 int mt7921_get_txpwr_info(struct mt7921_dev *dev, struct mt7921_txpwr *txpwr)
1409 {
1410 	struct mt7921_txpwr_event *event;
1411 	struct mt7921_txpwr_req req = {
1412 		.dbdc_idx = 0,
1413 	};
1414 	struct sk_buff *skb;
1415 	int ret;
1416 
1417 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_CMD_GET_TXPWR,
1418 					&req, sizeof(req), true, &skb);
1419 	if (ret)
1420 		return ret;
1421 
1422 	event = (struct mt7921_txpwr_event *)skb->data;
1423 	WARN_ON(skb->len != le16_to_cpu(event->len));
1424 	memcpy(txpwr, &event->txpwr, sizeof(event->txpwr));
1425 
1426 	dev_kfree_skb(skb);
1427 
1428 	return 0;
1429 }
1430